Device, system, and method of recovery and resetting of user authentication factor

US 20160294837A1
Filed: 06/15/2016
Published: 10/06/2016
Est. Priority Date: 11/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining that a current user, that (i) fails to perform an authentication process for accessing a service or (ii) requests to perform a reset process for a user-authentication factor of said service, is a genuine user that is authorized to reset said user-authentication factor of said service, by performing;

(a) presenting to the current user a fresh task that the current user is required to perform and that can be tracked by the service;

(b) monitoring a manner in which the current user performs the fresh task;

(c) extracting from said manner in which the current user performs the fresh, a fresh user-specific characteristic;

(d) comparing between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) a previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user;

(e) if there is a match between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) the previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user, then determining that the current user is the genuine user that is authorized to reset said user-authentication factor of said service.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.

93 Citations

View as Search Results

22 Claims

1. A method comprising:
- determining that a current user, that (i) fails to perform an authentication process for accessing a service or (ii) requests to perform a reset process for a user-authentication factor of said service, is a genuine user that is authorized to reset said user-authentication factor of said service, by performing;
  
  (a) presenting to the current user a fresh task that the current user is required to perform and that can be tracked by the service;
  
  (b) monitoring a manner in which the current user performs the fresh task;
  
  (c) extracting from said manner in which the current user performs the fresh, a fresh user-specific characteristic;
  
  (d) comparing between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) a previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user;
  
  (e) if there is a match between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) the previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user, then determining that the current user is the genuine user that is authorized to reset said user-authentication factor of said service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein step (e) comprises:
    - if there is a match between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) the previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user, then;
      
      determining that the current user is the genuine user that is authorized to reset said user-authentication factor of said service, and performing a reset of the user-authentication factor.
  - 3. The method of claim 1, comprising:
    - prior to a current usage session in which the current user attempts to authenticate to the service, performing;
      
      during a single prior usage session, requiring the user to perform a task; and
      
      during said single prior usage session, extracting from user interactions of the user performing said task a user-specific characteristic, that is subsequently utilized for identifying the current user during a process of resetting a user-authentication factor.
  - 4. The method of claim 1, comprising:
    - prior to a current usage session in which the current user attempts to authenticate to the service, performing;
      
      during a set of multiple prior usage sessions, requiring the user to perform a task; and
      
      during said multiple prior usage sessions, extracting from user interactions of the user performing said task a user-specific characteristic, that is subsequently utilized for identifying the current user during a process of resetting a user-authentication factor.
  - 5. The method of claim 1, comprising:
    - prior to a current usage session in which the current user attempts to authenticate to the service, performing;
      
      during a single log-in process of a single prior usage session, requiring the user to perform a task; and
      
      during said single log-in process of said single prior usage session, extracting from user interactions of the user performing said task a user-specific characteristic, that is subsequently utilized for identifying the current user during a process of resetting a user-authentication factor.
  - 6. The method of claim 1, comprising:
    - prior to a current usage session in which the current user attempts to authenticate to the service, performing;
      
      during a set of multiple log-in processes of a plurality of prior usage sessions, requiring the user to perform a task; and
      
      during said multiple log-in processes of said plurality of prior usage sessions, extracting from user interactions of the user performing said task a user-specific characteristic, that is subsequently utilized for identifying the current user during a process of resetting a user-authentication factor.
  - 7. The method of claim 1, comprising:
    - (A) receiving from the current user a fresh input that the current user alleges to be a correct password for an account of said user;
      
      (B) determining that the fresh input submitted by the current user, is not the correct current password of said account, but is identical to a prior password that was associated with said account in the past and expired;
      
      (C) further determining that a manner in which the current user entered the fresh input, exhibits a same user-specific manner that was exhibited in the past when said prior password was a valid password and was entered in the past to access said account;
      
      (D) based on both the determining of step (B) and the determining of step (C), further determining that the current user is the genuine user that is authorized to reset said password of said account.
  - 8. The method of claim 1, comprising:
    - (A) receiving from the current user a fresh input that the current user alleges to be a correct password for an account of said user;
      
      (B) determining that the fresh input submitted by the current user, is not the correct current password of said account, but contains a string that is identical to a subset of a prior password that was associated with said account in the past and expired;
      
      (C) further determining that a manner in which the current user entered said string of the fresh input, exhibits a same user-specific manner that was exhibited in the past when said prior password was a valid password and was entered in the past to access said account;
      
      (D) based on both the determining of step (B) and the determining of step (C), further determining that the current user is the genuine user that is authorized to reset said password of said account.
  - 9. The method of claim 1, comprising:
    - (A) receiving from the current user a fresh input that the current user alleges to be a correct password for an account of said user;
      
      (B) determining that the fresh input submitted by the current user, is not the correct current password of said account;
      
      (C) requesting from the current user to input a prior password, that was associated with said account in the past and already expired;
      
      (D) determining that the current user enters a new string, which is identical to said prior password, and which is entered by the current user in a same user-specific manner that was exhibited in the past when the prior password was valid for said account;
      
      (E) based on the determining of step (D), determining that the current user is the genuine user that is authorized to reset said password of said account.
  - 10. The method of claim 1, comprising:
    - while the user is performing the task, injecting an input/output aberration to a behavior of an input unit that the current user utilizes;
      
      tracking a reaction of the user to the input/output aberration;
      
      extracting from said reaction a user-specific reaction characteristic; and
      
      determining whether the current user is authorized to reset said user-authentication factor by taking into account the user-specific reaction characteristic.
  - 11. The method of claim 1, comprising:
    - while the user is performing the task, injecting an input/output aberration to a behavior of an input unit that the current user utilizes;
      
      tracking a corrective gesture of the user to the input/output aberration;
      
      extracting from said corrective gesture a user-specific corrective characteristic; and
      
      determining whether the current user is authorized to reset said user-authentication factor by taking into account the user-specific corrective characteristic.
  - 12. The method of claim 1, comprising:
    - during a first K usage-sessions of the user with the computerized service, wherein K is a positive integer;
      
      requiring the user perform the task, without yet relying for user authentication purposes on a user-specific characteristic that is exhibited in user performance of the task during said first K usage-sessions;
      
      starting at the K+1 usage-session of the user with the computerized service, relying for user authentication purposes on a user-specific characteristic that was exhibited in user performance of the task during said first K usage-sessions.
  - 13. The method of claim 1, wherein said task is utilized for as a condition for granting access to the user to a physical location.
  - 14. The method of claim 1, wherein said task is utilized as a condition for granting access to the user to a vehicle.
  - 15. The method of claim 1, wherein said task is utilized for user authentication as part of a multi-factor authentication process.
  - 16. The method of claim 1, comprising:
    - collecting user interactions data both (i) during performance of the task, and (ii) immediately prior to performance of the task;
      
      generating a user-specific profile based on both (I) the user interactions during performance of the task, and (II) the user interactions immediately prior to performance of the task.
  - 17. The method of claim 1, comprising:
    - collecting user interactions data both (i) during performance of the task, and (ii) immediately after performance of the task;
      
      generating a user-specific profile based on both (I) the user interactions during performance of the task, and (II) the user interactions immediately after performance of the task.
  - 18. The method of claim 1, comprising:
    - collecting user interactions data both (i) during performance of the task, and (ii) immediately after performance of the task, and (iii) immediately prior to performance of the task;
      
      generating a user-specific profile based on both (I) the user interactions during performance of the task, and (II) the user interactions immediately after performance of the task, and (III) the user interactions immediately prior to performance of the past.
  - 19. The method of claim 1, comprising:
    - collecting user interactions data, by both (i) collecting user interactions data via the input unit, and (ii) collecting one or more sensed parameters that are sensed via a sensor of the electronic device during task performance;
      
      generating a user-specific biometric based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more sensed parameters that are sensed via said sensor of the electronic device during task performance.
  - 20. The method of claim 1, comprising:
    - collecting user interactions data, by both (i) collecting user interactions data via the input unit, and (ii) collecting one or more send device-acceleration parameters that are sensed via an accelerometer of the electronic device during task performance;
      
      generating a user-specific biometric based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more device-acceleration parameters that are sensed via said accelerometer of the electronic device during task performance.
  - 21. The method of claim 1, comprising:
    - collecting user interactions data, by both (i) collecting user interactions data via the input unit, and (ii) collecting one or more send device-orientation parameters that are sensed via a gyroscope of the electronic device during task performance;
      
      generating a user-specific biometric based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more device-orientation parameters that are sensed via a gyroscope of the electronic device during task performance.
  - 22. The method of claim 1, comprising:
    - generating an entire-device task, which requires the current user to move an entirety of the end-user device in a particular spatial pattern, and which does not require the current user to type characters, and which does not require the current user to utilize an on-screen pointer;
      
      utilizing one or more physical sensors of the end-user device to monitor a manner in which the end-user device is moved while the current user performs said entire-device task;
      
      extracting from said manner, a user-specific feature that reflects a user-specific manner in which the end-user device was moved by the current user as he performed said entire-device task;
      
      based on said user-specific feature, determining that the current user is the genuine user that is authorized to reset said user-authentication factor of said service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biocatch Ltd.
Original Assignee
Biocatch Ltd.
Inventors
Turgeman, Avi

Granted Patent

US 10,164,985 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2103   Challenge-response

G06F 2221/2131   Lost password, e.g. recover...

G06F 2221/2133   Verifying human interaction...

G06F 3/0481   based on specific propertie...

G06F 3/04842   Selection of displayed obje...

G06F 3/0486   Drag-and-drop

G06F 3/04886   by partitioning the display...

G07C 9/33   by means of a password

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

Device, system, and method of recovery and resetting of user authentication factor

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Device, system, and method of recovery and resetting of user authentication factor

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links